Hello EH! I am a web developer with 5+ years of experience. I started hacking into boxes as a script kiddie. I went for CEH and CISSP training. But maybe I was overconfident and went directly for the CISSP exam, which I failed. Web development is something I started when I was 14. Now I want to get back to penetration testing / ethical hacking. I need suggestions on how I can pursue my career in info-sec; I am currently working as a web administrator, but my passion is still in the info-sec domain. All suggestions are welcome.

P.S. I am nowadays trying to get some experience in Backtrack5.

Cheers

Last edited by moosa on Thu Mar 15, 2012 9:32 am, edited 1 time in total.

CEH and CISSP give management and HR warm and fuzzies. CISSP requires a bit more work than, say, CEH as far as knowing the material. They both cover a lot, but they cover different areas. CEH covers the pen testing aspects, but not necessarily in detail. CISSP covers a number of domains, and in order to maintain the CISSP you need to have a certain amount of experience in some of those domains. There are also a number of changes being made to the cert which you should read up on.

eCPPT would be a good choice for a decent technical cert. Becoming familiar with OWASP and joining a local OWASP chapter will get your foot in the door with the community. Maybe look into companies like Veracode who do Application testing, see what their requirements might be for App pen testers.

Your background will suit you nicely for that piece of pen testing. Don't be discouraged by failing CISSP, work on your technical skills first. Try to contribute to the community in some way so you have a leg to stand on when you're interviewing. Since web dev is your forte, you might want to consider knocking out the GWAPT.

I really appreciate all your suggestions. I agree with you guys that web pentesting is what I should pursue and OWASP is what can get me into the community scene. But can I make the best use of Backtrack, as in my region Backtrack is widely recognized? So will it be possible to go for OSCP with the knowledge I have, or can I get the kind of knowledge needed for OSCP with self study? Currently I am working with HTML, CSS, jQuery, WordPress, Apache, MySQL, an FTP server and Mercury. I know about VMware and such; currently I have BT5, Win 2000, Win 2003, Metasploitable and other vulnerable machines on my VM. Other than that, SQL injection is something I am very comfortable with.

It sounds like you'll probably be short on the systems and networking side of things. You could either identify your weak areas in advance or research unfamiliar items as you go through the course. The only downside of the latter approach is that you'll be doing that instead of making use of the lab time you're paying for.

Don't take me wrong, I have been in IT working as a dev for 8+ years and in testing another 6+ years. On looking at the OSCP syllabus, I personally felt it might be too much for me (again, it's ME), so I preferred to look at eCPPT and from there slowly understand more by reading (blogs) and practicing in my own lab. By this I will reach a comfortable level to go for OSCP.

There are EH members who have taken OSCP directly; I believe it's all to do with passion for the subject and commitment to work on the OSCP lab.

So it depends on your commitment to the subject and learning capacity as every individual is different.

Good luck

V

moosa wrote: I really appreciate all your suggestions. I agree with you guys that web pentesting is what I should pursue and OWASP is what can get me into the community scene. But can I make the best use of Backtrack, as in my region Backtrack is widely recognized? So will it be possible to go for OSCP with the knowledge I have, or can I get the kind of knowledge needed for OSCP with self study? Currently I am working with HTML, CSS, jQuery, WordPress, Apache, MySQL, an FTP server and Mercury. I know about VMware and such; currently I have BT5, Win 2000, Win 2003, Metasploitable and other vulnerable machines on my VM. Other than that, SQL injection is something I am very comfortable with.

There's also tons of information here, but also on the InterN0T forums: http://forum.intern0t.org/forum.php and many others as well. Just be aware that not all guides are high quality guides; some are even incorrect and many teach you only the basics (of the basics sometimes), but InterN0T is a free and good place to start.

There are even threads about coding securely and how to identify the vulnerabilities in the code, e.g., in this thread: http://forum.intern0t.org/offensive-gui ... irgod.html (which was originally posted there, before it was distributed to all the other websites. Please keep in mind that it was SirGod who wrote this.)

You can also find really good proofs of concept and possibly guides by RGod aka RetroGod, and well, this is not one of the resources I have shared often, but this one will help you (and hopefully many others too) quite a lot: http://www.blackhatacademy.org/security ... ploitation

There are plenty of web labs, both open source and commercial. I haven't tried many web app labs, but MDSec Labs are very heavy, and you may want to study the "Web Application Hacker's Handbook Second Edition" first (I'd say it's almost a requirement, but also to get the best experience), and the first edition of this book may be good as well.

What is important to keep in mind is that the MDSec Labs have a lot of content, and extreme amounts of variations of the same attack (haven't seen this in other labs), but there aren't cool things like: http://www.exploit-db.com/vbseo-from-xs ... php-shell/ , but there are a lot of nice things you can learn in there, including how to use Burp for a lot more tasks.

I did 4½ labs, and it was a nice experience. The first 2 labs were a piece of cake, but fun to do. I am planning on doing the rest of the labs before making a complete review with good "details" (not actual solutions of course, just how I think the labs are), and the price is not bad. I used 5 credits for those 4½ labs, but I spent my time well and knew web app sec before playing in there.

So, with that being said, I hope you'll enjoy becoming a Penetration Tester. This is just the web app sec side; if you want to learn exploit development (for binary programs, etc.), then Corelan.be is one of the best places to go.

If you want a nice overall, broad and deep certification, it's OSCP. I know you may think you'll save money on just doing OSCE, but that's very close to actual exploit development (such as 0days) and very targeted, so it is within pentesting, but it's not very broad compared to OSCP, which is good for anyone.

SANS courses, if you don't pay yourself, go for them. If you do, start with Offensive Security, or eLearnSecurity (Even though they're heavily web app sec focused, at least their exam is).

I really understand the fact that I will be short on the systems and networking side. And yeah, I cannot just go study for 30 days and be done with OSCP. I believe I should prepare myself properly with self reading, for which I have no deadlines, as I am right now working on the development side, which is not related to security, so I am not practicing security on my job; that is the only thing which keeps me away from security. Because after working 13 hours daily I am not able to get hold of the sec side. So my final thought is I should study all the material recommended by you guys, and slowly I will make my way to sec first. My major subject would be web pentest, but I will also study overall pen-testing tools. Once I am able to exploit/hack all the major vulnerable VMware machines, I should think that I am now aware of all the tools. I will try to use BT5 for all types of attacks instead of my host OS Win 7. As I have to pay for my certs, I will invest in OSCP once I am sure. And this forum is going to help me with my assessment. And yeah, I always appreciate EH suggestions.

Please correct me if I am wrong somewhere. I guess there is no such restriction or need to have any cert before OSCP.

Almost anyone can sign up for OSCP, but they don't accept free e-mail providers, and some countries may be blocked from buying the courseware due to copyright laws in those countries, or because of previously leaked courseware from those countries.

OSCE has a challenge you have to pass, it's quite fun, but also a bit hard, especially if you're a beginner, then I wouldn't recommend spending too much time on it in case you get stuck.

But if you want to try it out one day: http://fc4.me/ (Just keep in mind it's for OSCE, not OSCP and it's meant to make sure you know enough before doing the course.) Doing the challenge doesn't force you to sign up for the course, so feel free.

I'm sure that you can sign up for OSCP without much trouble; keep in mind they have "slots" because they don't put too many students in their labs at the same time, so plan ahead, as you may have to wait a month before you can enter their labs.

As you are researching and learning more, maybe you can try incorporating it at your current position if you have not already. There are others here who did that same thing to move into the security field. Maybe do research on the web applications you are currently developing and do vulnerability assessments on them. You can make reports on what you find and try to explain it to others.

As far as certifications go, at some point, I would still continue to study for the CISSP. It helps with learning laws for security issues and other non-technical issues. It also seems to please HR for some reason. In addition, I would go for the OSCP asap. It gives enormous amounts of technical knowledge for pentests. It will also expand your knowledge as far as the process of a pentest. You can work on the soft skills also. The course helps with making pentest reports.

I remember Mike Murray talking a lot about that: (http://www.thehackeracademy.com/blog/). The OSCP pentest report is a good process to go through since a lot of other security courses do not talk about it. It is very time consuming and requires you to know not only about the vulnerability, but also its solution or workaround. My 2 cents.

I tried http://fc4.me/ and after spending a few minutes I was only able to find the JS files embedded in the page. What's inside the page confuses me; I got the idea that the password is encrypted, but I was unable to decrypt it. So yeah, it means I am still a newbie...

Agoonie, yes, now I am doing the same; I am researching it from my work. When I get free time I am planning to go for a pen-test; as my company doesn't want me to do that, I will just go for it, and once I find something very vulnerable I will show them the report to make them aware of how important it is. Other than that, the book which I think will be very helpful if I buy one is http://www.amazon.com/BackTrack-Assuring-Security-Penetration-Testing/dp/1849513945

What do you guys think about this book? Is it OK for a newbie to jump into it? I will appreciate all the Ehackers' suggestions...

moosa wrote: I tried http://fc4.me/ and after spending a few minutes I was only able to find the JS files embedded in the page. What's inside the page confuses me; I got the idea that the password is encrypted, but I was unable to decrypt it. So yeah, it means I am still a newbie...

Agoonie, yes, now I am doing the same; I am researching it from my work. When I get free time I am planning to go for a pen-test; as my company doesn't want me to do that, I will just go for it, and once I find something very vulnerable I will show them the report to make them aware of how important it is. Other than that, the book which I think will be very helpful if I buy one is http://www.amazon.com/BackTrack-Assuring-Security-Penetration-Testing/dp/1849513945

What do you guys think about this book? Is it OK for a newbie to jump into it? I will appreciate all the Ehackers' suggestions...

I would not do a pentest on your company without their (written) consent. You want to make sure you are covered in case something goes wrong. You could be liable, and no one likes fines or prison. Can you just convince your company that they need a vulnerability assessment first, which would not be very intrusive or disrupt your environment? If that goes well, maybe they would be open to having you do the penetration test (legally).

I think it is a good book to start with but just make sure you do not stop there. You will find that you will be looking at many books from now on. I just keep a fund every year since I know I will be spending about $250-500 on books. Also, search online, most of the knowledge you will need is already online for free. Just to name a few: